Skip to content

feat: password reset flow — backend + frontend#8

Merged
TymekV merged 6 commits intoaginrocks:masterfrom
PawiX25:feat/mail-crate
Apr 4, 2026
Merged

feat: password reset flow — backend + frontend#8
TymekV merged 6 commits intoaginrocks:masterfrom
PawiX25:feat/mail-crate

Conversation

@PawiX25
Copy link
Copy Markdown
Contributor

@PawiX25 PawiX25 commented Apr 3, 2026
edited
Loading

Add end-to-end password reset: API endpoints, token storage, email delivery, and two new frontend pages.

Backend (server/)

  • POST /api/password-reset — accepts {email}, generates UUID token, stores in MongoDB (password_reset_tokens) with 1-hour TTL, sends reset email; always returns {success: true} to prevent user enumeration
  • POST /api/password-reset/confirm — validates token, checks expiry, updates password hash (Argon2), deletes token (one-time use)
  • AxumError::service_unavailable helper added
  • MailService wired into AppState, initialised from settings.mail in main.rs

Frontend (apps/frontend/)

  • /forgot-password page — email form + Check your email success state
  • /reset-password?token=... page — new password + confirm, shows Password changed! with Sign in button
  • Fixed Forgot Password? link in login-options.tsx (was incorrectly pointing to /register)
  • packages/api-schema/api.d.ts: added /api/password-reset and /api/password-reset/confirm path and schema types

Notes

  • config.toml general.public_url must be set to the frontend URL (e.g. http://localhost:3031) so the reset link in the email lands on the correct page

TymekV
TymekV reviewed Apr 4, 2026
View reviewed changes
PawiX25 added 2 commits April 4, 2026 02:17
@PawiX25
refactor: address PR aginrocks#8 review feedback
fb41621 
- password_reset: generate token via Alphanumeric rng (64 chars) instead of UUID
- password_reset: hash token with SHA256 before storing/looking up in DB
- reset-password page: rename to ResetPassword, wrap in Suspense to fix build error
@PawiX25
feat: add POST /api/settings/password/change endpoint
de4b0a1
TymekV
TymekV requested changes Apr 4, 2026
View reviewed changes
TymekV
TymekV requested changes Apr 4, 2026
View reviewed changes
@PawiX25
refactor: address PR aginrocks#8 round 2 review feedback
9463b6d 
- extract generate_reset_token, hash_token, hash_password into utils
- rename PasswordResetToken.token field to token_hash
- use hash_password helper in settings/password change
TymekV
TymekV requested changes Apr 4, 2026
View reviewed changes
@TymekV TymekV merged commit 9aca478 into aginrocks:master Apr 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TymekV TymekV TymekV approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PawiX25 @TymekV